
统一项目管理、清单模板接口

MaiXinRong 8 سال پیش
والد
کامیت
fc37c4032a
7فایلهای تغییر یافته به همراه55 افزوده شده و 31 حذف شده
  1. 8 0
      modules/pm/controllers/pm_controller.js
  2. 8 0
      modules/pm/routes/pm_route.js
  3. 19 11
      server.js
  4. 1 1
      web/main/js/main_ajax.js
  5. 4 4
      web/pm/js/pm_ajax.js
  6. 5 5
      web/pm/js/pm_main.js
  7. 10 10
      web/templates/js/bills.js

+ 8 - 0
modules/pm/controllers/pm_controller.js

@@ -9,6 +9,14 @@ var callback = function(req, res, err, message, data){
 }
 
 module.exports = {
+    checkRight: function (req, res) {
+        var data = JSON.parse(req.body.data);
+        if (data.user_id) {
+            return data.user_id === req.session.userID;
+        } else {
+            return false;
+        }
+    },
     getProjects: function(req, res){
         var data = JSON.parse(req.body.data);
         ProjectsData.getUserProjects(data.user_id, function(err, message, projects){
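Review bot: `checkRight` only confirms that the client-supplied `user_id` equals `req.session.userID`; it does not authorise the project a request names, and handlers such as `getProjects` just below keep reading `data.user_id` from the body. Passing `req.session.userID` to the data layer directly would remove the need to trust the body for identity at all. `JSON.parse(req.body.data)` also throws when `data` is missing or malformed, so the request ends in Express's error handler rather than the JSON denial; guard it, e.g. `try { data = JSON.parse(req.body.data); } catch (e) { return false; }`. The strict `===` will deny every request if the session stores the id with a different type than the client sends, which cannot be confirmed from this hunk. The `module.exports` object continues past the hunk.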

+ 8 - 0
modules/pm/routes/pm_route.js

@@ -6,6 +6,14 @@ var express = require('express');
 var pmRouter = express.Router();
 var pmController = require('./../controllers/pm_controller');
 
+pmRouter.use(function (req, res, next) {
+    if (/\/getNewProjectID/.test(req.originalUrl) || pmController.checkRight(req, res)) {
+        next();
+    } else {
+        res.json({error: 1, message: '对不起,您无权限操作。', data: null});
+    }
+});
+
 pmRouter.post('/getProjects', pmController.getProjects);
 pmRouter.post('/updateProjects', pmController.updateProjects);
 pmRouter.post('/copyProjects', pmController.copyProjects);
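Review bot: The exemption in the first line of this middleware tests an unanchored pattern against `req.originalUrl`, which includes the query string, so any request whose URL merely contains `/getNewProjectID` skips `checkRight`, not only that one route. Compare the router-relative path instead, `if (req.path === '/getNewProjectID' || pmController.checkRight(req, res)) {`, or register that route ahead of the `pmRouter.use(...)` call so the guard needs no exception. The denial is also sent with the default 200 status; `res.status(403).json(...)` would let clients and logs tell it apart from a success, provided the front end does not depend on a 200 here.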

+ 19 - 11
server.js

@@ -39,7 +39,7 @@ app.use(session({
 app.use(function (req, res, next) {
     var url = req.originalUrl;
     if (!/^\/login/.test(req.originalUrl) && !req.session.userAccount) {
-        if (req.headers.referer) {
+        if (/\/api/.test(req.originalUrl)) {
             return res.redirect('/login' + '?referer=' + req.headers.referer);
         } else {
             return res.redirect("/login" + '?referer=' + req.originalUrl);
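Review bot: The new condition no longer checks that a Referer header exists, so an unauthenticated API call without one is redirected to `/login?referer=undefined`; `/\/api/` is also unanchored against the full URL, so a page URL that merely contains `/api` in its query string takes the same branch. Both redirect targets concatenate request-controlled text unencoded; build them with `encodeURIComponent`, e.g. `'/login?referer=' + encodeURIComponent(req.headers.referer || '/')`. If the login flow later redirects to that `referer` value (not visible here), it should accept only same-site relative paths. The middleware body continues past this hunk.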
@@ -52,12 +52,19 @@ app.use('/', require('./modules/users/routes/users_route'));
 app.use('/fees', require('./modules/fees/routes/fees_router'));
 
 app.get('/template/bills', function (req, res) {
-    res.render('templates/html/bills.html',
-        {userAccount: req.session.userAccount,
-            userID: req.session.userID});
+    var checkAdmin = function (userAccount) {
+        return true;
+    }
+    if (checkAdmin(req.session.userAccount)) {
+        res.render('templates/html/bills.html',
+            {userAccount: req.session.userAccount,
+                userID: req.session.userID});
+    } else {
+        res.redirect('/pm');
+    }
 });
 
-app.use('/template/bills', function (req, res, next) {
+app.use('/template/bills/api', function (req, res, next) {
     var checkAdmin = function (userAccount) {
         return true;
     }
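Review bot: `checkAdmin` is a stub that always returns `true`, so both the page handler and the `/template/bills/api` guard admit every logged-in account; the same holds for `checkProjectRight` in the `/main` handler in the next hunk, which also ignores its `projectID` argument. Until the real checks exist, mark each one with a comment such as `// TODO: placeholder, grants access to every authenticated user; replace with a real role/ownership check`. Defining `checkAdmin` once at module level and reusing it would keep the two copies from drifting apart when the real check is written. The `app.use` callback continues past this hunk.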
@@ -68,27 +75,28 @@ app.use('/template/bills', function (req, res, next) {
     }
 });
 var billsTemplateRouter = require('./modules/templates/routes/bills_template_router');
-app.use('/template/bills', billsTemplateRouter);
+app.use('/template/bills/api', billsTemplateRouter);
 
 app.get('/pm', function(req, res){
     res.render('pm/html/project-management.html',
         {userAccount: req.session.userAccount,
             userID: req.session.userID});
 });
-
 var pmRouter = require('./modules/pm/routes/pm_route');
-app.use('/', pmRouter);
+app.use('/pm/api', pmRouter);
 
 app.get('/main',  function(req, res) {
-    if (!req.session.userAccount) {
-        res.redirect('/login');
+    var checkProjectRight = function (userID, projectID) {
+        return true;
     }
-    else {
+    if (checkProjectRight(req.session.userID, req.query.project)) {
         res.render('main/html/main.html',
             {
                 userAccount: req.session.userAccount,
                 userID: req.session.userID
             });
+    } else {
+        res.redirect('/pm');
     }
 });
 

+ 1 - 1
web/main/js/main_ajax.js

@@ -28,7 +28,7 @@ var PullData = function (url, data, successCallback, errorCallback) {
 var GetProject = function (proj_id, callback) {
     $.ajax({
         type:"POST",
-        url: '/getProject',
+        url: '/pm/api/getProject',
         data: {'data': JSON.stringify({"user_id": userID, "proj_id": proj_id})},
         dataType: 'json',
         cache: false,

+ 4 - 4
web/pm/js/pm_ajax.js

@@ -5,7 +5,7 @@
 var GetAllProjectData = function (callback) {
     $.ajax({
         type:"POST",
-        url: '/getProjects',
+        url: '/pm/api/getProjects',
         data: {'data': JSON.stringify({"user_id": userID})},
         dataType: 'json',
         cache: false,
@@ -27,7 +27,7 @@ var GetAllProjectData = function (callback) {
 var UpdateProjectData = function (updateData, callback) {
     $.ajax({
         type:"POST",
-        url: '/updateProjects',
+        url: '/pm/api/updateProjects',
         data: {'data': JSON.stringify({"user_id": userID, "updateData": updateData})},
         dataType: 'json',
         cache: false,
@@ -48,7 +48,7 @@ var UpdateProjectData = function (updateData, callback) {
 var RenameProject = function(projId, newName, callback) {
     $.ajax({
         type: "POST",
-        url: '/renameProject',
+        url: '/pm/api/renameProject',
         data: {'data': JSON.stringify({"user_id": userID, "id": projId, "newName": newName})},
         dataType: 'json',
         cache: false,
@@ -69,7 +69,7 @@ var RenameProject = function(projId, newName, callback) {
 var BeforeOpenProject = function (projId, updateData, callback) {
     $.ajax({
         type: "POST",
-        url: '/beforeOpenProject',
+        url: '/pm/api/beforeOpenProject',
         data: {'data': JSON.stringify({"user_id": userID, "proj_id": projId, "updateData": updateData})},
         dataType: 'json',
         cache: false,

+ 5 - 5
web/pm/js/pm_main.js

@@ -373,7 +373,7 @@ $('#addFolderOk').click(function () {
             next = Tree.firstNode();
         }
 
-        CommonAjax.post('/getNewProjectID', {count: 1}, function (IDs) {
+        CommonAjax.post('/pm/api/getNewProjectID', {count: 1}, function (IDs) {
             var updateData = GetAddForlderUpdateData(parent, next, name, IDs.lowID);
             Tree.maxNodeId(IDs.lowID - 1);
             UpdateProjectData(updateData, function(datas){
@@ -408,7 +408,7 @@ var AddProj = function () {
         //     parent = Tree._root();
         //     next = Tree.firstNode();
         // }
-        CommonAjax.post('/getNewProjectID', {count: 1}, function (IDs) {
+        CommonAjax.post('/pm/api/getNewProjectID', {count: 1}, function (IDs) {
             var updateData = GetAddProjUpdateData(Tree._root, Tree.firstNode(), name, IDs.lowID);
             Tree.maxNodeId(IDs.lowID - 1);
             UpdateProjectData(updateData, function (datas) {
@@ -428,7 +428,7 @@ var AddProj = function () {
 var AddFolderProj = function () {
     var nameB = $('#buildName').val(), nameX = $('#xiangName').val(), name = $('#tenderName').val();
     if (nameB !== '' && nameX !== '' && name !== '') {
-        CommonAjax.post('/getNewProjectID', {count: 3}, function (IDs) {
+        CommonAjax.post('/pm/api/getNewProjectID', {count: 3}, function (IDs) {
             var updateData = GetAddFolderProjUpdateData(Tree._root, Tree.firstNode(), nameB, nameX, name, IDs.lowID);
             Tree.maxNodeId(IDs.lowID - 1);
             UpdateProjectData(updateData, function (datas) {
@@ -595,10 +595,10 @@ $('#copytoOk').click(function() {
         }
 
         if (parent !== cur.parent || (next !== cur && next !== cur.nextSibling)){
-            CommonAjax.post('/getNewProjectID', {count: 1}, function (IDs) {
+            CommonAjax.post('/pm/api/getNewProjectID', {count: 1}, function (IDs) {
                 var updateData = GetCopyUpdateData(cur, parent, next, IDs.lowID);
                 Tree.maxNodeId(IDs.lowID - 1);
-                CommonAjax.post('/copyProjects', {user_id: userID, updateData: updateData}, function (data) {
+                CommonAjax.post('/pm/api/copyProjects', {user_id: userID, updateData: updateData}, function (data) {
                     form.modal('hide');
                     data.forEach(function (nodeData) {
                         if (nodeData.updateType === 'copy') {

+ 10 - 10
web/templates/js/bills.js

@@ -51,7 +51,7 @@ $(document).ready(function () {
         var data = {type: 'update', data: {ID: node.getID()}};
         data.data[fieldName] = info.editingText;
         var updateData = FormatUpdateData([data]);
-        CommonAjax.post('/template/bills/updateBillsTemplate', updateData, function (data) {
+        CommonAjax.post('/template/bills/api/updateBillsTemplate', updateData, function (data) {
             node.data[fieldName] = info.editingText;
             controller.refreshTreeNode([node], false);
         }, function () {
@@ -77,7 +77,7 @@ $(document).ready(function () {
                 datas.push(data);
             }
         };
-        CommonAjax.post('/template/bills/updateBillsTemplate', FormatUpdateData(datas), function (data) {
+        CommonAjax.post('/template/bills/api/updateBillsTemplate', FormatUpdateData(datas), function (data) {
             RefreshBillsData(data);
             controller.showTreeData();
         }, function () {
@@ -85,7 +85,7 @@ $(document).ready(function () {
         });
     });
 
-    CommonAjax.post('/template/bills/getBillsTemplate', {tempType: tempType}, function (data) {
+    CommonAjax.post('/template/bills/api/getBillsTemplate', {tempType: tempType}, function (data) {
         var bills = data;
         tree.loadDatas(bills);
         controller.showTreeData();
@@ -96,7 +96,7 @@ $(document).ready(function () {
     });
 
     $('#insert').click(function () {
-        CommonAjax.post('/template/bills/getNewBillsTemplateID', {count: 1}, function (data) {
+        CommonAjax.post('/template/bills/api/getNewBillsTemplateID', {count: 1}, function (data) {
             var selected = controller.tree.selected, updateData;
             controller.tree.maxNodeID(data.lowID - 1);
             controller.tree.rangeNodeID(data.highID);
@@ -106,7 +106,7 @@ $(document).ready(function () {
                 updateData = FormatUpdateData(controller.tree.getInsertData());
             }
             if (updateData.updateData.length > 0) {
-                CommonAjax.post('/template/bills/updateBillsTemplate', updateData, function (data) {
+                CommonAjax.post('/template/bills/api/updateBillsTemplate', updateData, function (data) {
                     controller.insert();
                     controller.showTreeData();
                 });
@@ -119,7 +119,7 @@ $(document).ready(function () {
         var selected = controller.tree.selected, updateData;
         if (selected) {
             updateData = FormatUpdateData(controller.tree.getDeleteData(selected));
-            CommonAjax.post('/template/bills/updateBillsTemplate', updateData, function (data) {
+            CommonAjax.post('/template/bills/api/updateBillsTemplate', updateData, function (data) {
                 controller.delete();
                 controller.showTreeData();
             });
@@ -129,7 +129,7 @@ $(document).ready(function () {
         var selected = controller.tree.selected, updateData;
         if (selected) {
             updateData = FormatUpdateData(selected.getUpLevelData());
-            CommonAjax.post('/template/bills/updateBillsTemplate', updateData, function (data) {
+            CommonAjax.post('/template/bills/api/updateBillsTemplate', updateData, function (data) {
                 controller.upLevel();
                 controller.showTreeData();
             });
@@ -139,7 +139,7 @@ $(document).ready(function () {
         var selected = controller.tree.selected, updateData;
         if (selected) {
             updateData = FormatUpdateData(selected.getDownLevelData());
-            CommonAjax.post('/template/bills/updateBillsTemplate', updateData, function (data) {
+            CommonAjax.post('/template/bills/api/updateBillsTemplate', updateData, function (data) {
                 controller.downLevel();
                 controller.showTreeData();
             });
@@ -149,7 +149,7 @@ $(document).ready(function () {
         var selected = controller.tree.selected, updateData;
         if (selected) {
             updateData = FormatUpdateData(selected.getUpMoveData());
-            CommonAjax.post('/template/bills/updateBillsTemplate', updateData, function (data) {
+            CommonAjax.post('/template/bills/api/updateBillsTemplate', updateData, function (data) {
                 controller.upMove();
                 controller.showTreeData();
             });
@@ -159,7 +159,7 @@ $(document).ready(function () {
         var selected = controller.tree.selected, updateData;
         if (selected) {
             updateData = FormatUpdateData(selected.getDownMoveData());
-            CommonAjax.post('/template/bills/updateBillsTemplate', updateData, function (data) {
+            CommonAjax.post('/template/bills/api/updateBillsTemplate', updateData, function (data) {
                 controller.downMove();
                 controller.showTreeData();
             });